/
request.go
261 lines (241 loc) · 8.58 KB
/
request.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
// Copyright 2022 Elapse and contributors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package auth
import (
"crypto/md5"
"encoding/json"
"fmt"
"net"
"strconv"
"strings"
"github.com/elap5e/penguin/pkg/bytes"
"github.com/elap5e/penguin/pkg/crypto/tea"
"github.com/elap5e/penguin/pkg/encoding/oicq"
"github.com/elap5e/penguin/pkg/encoding/tlv"
"github.com/elap5e/penguin/pkg/log"
"github.com/elap5e/penguin/pkg/net/msf/rpc"
)
func (m *Manager) request(req *Request) (*Response, error) {
if req.Seq == 0 {
req.Seq = m.c.GetNextSeq()
}
sess := m.c.GetSession(req.Data.Uin)
req.Data.RandomKey = sess.RandomKey
req.Data.KeyVersion = sess.KeyVersion
req.Data.PublicKey = sess.PrivateKey.Public().Bytes()
req.Data.SharedSecret = sess.SharedSecret
resp, err := m.call(req)
if err != nil {
return nil, err
}
data, extraData := resp.Data, m.GetExtraData(resp.Data.Uin)
switch data.Code {
case 0x00:
// VerifySignInCode
if data.Type == 0x0012 {
m.c.SetSessionAuth(data.Uin, resp.ExtraData.SessionAuth)
login := resp.ExtraData.ThirdPartLogin.MsgRspCmd_18.MsgRspPhoneSmsExtendLogin
log.Warn("available accounts: %d", len(login.GetBindUinInfo()))
for k, v := range login.GetBindUinInfo() {
log.Printf("%d: %s(%s) photo:%s", k, v.Nick, v.MaskUin, v.ImageUrl)
}
log.Warn("auth unbinding notify: %s", login.UnbindWording)
// select account and input password
var code string
fmt.Printf(">>> ")
fmt.Scanln(&code)
line, _ := strconv.Atoi(code)
info := login.GetBindUinInfo()[line]
extraData.T542 = info.EncryptUin
return m.name2Uin(info.Nick)
}
// success
extraData.Login = resp.ExtraData.Login
// decode t119
tickets := m.c.GetTickets(data.Uin)
key := [16]byte{}
switch data.Type {
default:
log.Debug("auth unknown type: 0x%02x", data.Type)
copy(key[:], tickets.A1.Key[:])
case 0x0007: // VerifySMSCode
copy(key[:], tickets.A1.Key[:])
case 0x0009: // signInWithPassword
copy(key[:], tickets.A1.Key[:])
case 0x000a: // signInWithoutPassword.A2
copy(key[:], tickets.A2.Key[:])
case 0x000b: // signInWithoutPassword.D2
key = md5.Sum(tickets.D2.Key[:])
case 0x0014: // UnlockDevice
copy(key[:], tickets.A1.Key[:])
}
t119, err := tea.NewCipher(key).Decrypt(resp.ExtraData.T119)
if err != nil {
return nil, err
}
tlvs := map[uint16]tlv.Codec{}
buf := bytes.NewBuffer(t119)
l, _ := buf.ReadUint16()
for i := 0; i < int(l); i++ {
v := tlv.TLV{}
v.ReadFrom(buf)
tlvs[v.GetType()] = &v
}
m.c.SetTickets(data.Uin, tlvs)
m.c.SetSessionAuth(data.Uin, nil)
return resp, nil
case 0x02:
// verify captcha or picture
m.c.SetSessionAuth(data.Uin, resp.ExtraData.SessionAuth)
var code string
extraData.T546 = resp.ExtraData.T546
extraData.T547 = resp.ExtraData.T547
if resp.ExtraData.CaptchaSign != "" {
l, err := net.Listen("tcp", "127.0.0.1:0")
if err != nil {
return nil, err
}
addr := l.Addr().(*net.TCPAddr).String()
log.Warn("auth verify captcha, url: %s", strings.ReplaceAll(
resp.ExtraData.CaptchaSign,
"https://ssl.captcha.qq.com/template/wireless_mqq_captcha.html",
"http://"+addr+"/captcha",
))
sign, err := serveHTTPVerifyCaptcha(l)
if err != nil {
return nil, err
}
return m.VerifyCaptcha(data.Uin, []byte(sign.Ticket))
} else {
log.Warn("auth verify picture")
fmt.Printf(">>> ")
fmt.Scanln(&code)
return m.VerifyCaptcha(data.Uin, []byte(code), resp.ExtraData.PictureSign)
}
case 0xa0:
// verify sms code
m.c.SetSessionAuth(data.Uin, resp.ExtraData.SessionAuth)
extraData.T17B = resp.ExtraData.T17B
log.Warn("auth verify sms code")
var code string
fmt.Printf(">>> ")
fmt.Scanln(&code)
return m.VerifySMSCode(data.Uin, []byte(code))
case 0xd0:
// verify signin code
m.c.SetSessionAuth(data.Uin, resp.ExtraData.SessionAuth)
extraData.SignInCodeSign = resp.ExtraData.SignInCodeSign
extraData.T182 = resp.ExtraData.T182
extraData.Salt = resp.ExtraData.Salt
log.Warn("auth verify signin code")
var code string
fmt.Printf(">>> ")
fmt.Scanln(&code)
return m.VerifySignInCode([]byte(code))
case 0xcc:
// unlock device
m.c.SetSessionAuth(data.Uin, resp.ExtraData.SessionAuth)
extraData.T402 = resp.ExtraData.T402
extraData.T403 = resp.ExtraData.T403
extraData.T401.Set(md5.Sum(
append(append(
m.c.GetFakeSource(data.Uin).Device.GUID[:],
sess.RandomPass[:]...),
extraData.T402...),
))
log.Warn("auth unlock device")
return m.unlockDevice(data.Uin)
case 0xef:
// resend sms code
m.c.SetSessionAuth(data.Uin, resp.ExtraData.SessionAuth)
extraData.T174 = resp.ExtraData.T174
extraData.T402 = resp.ExtraData.T402
extraData.T403 = resp.ExtraData.T403
extraData.T401.Set(md5.Sum(
append(append(
m.c.GetFakeSource(data.Uin).Device.GUID[:],
sess.RandomPass[:]...),
extraData.T402...),
))
log.Warn("auth resend sms code, mobile:", resp.ExtraData.SMSMobile)
return m.resendSMSCode(data.Uin)
case 0x01:
log.Debug("invalid login, error:%s message:%s", resp.ExtraData.ErrorTitle, resp.ExtraData.ErrorMessage)
return nil, fmt.Errorf("invalid password")
case 0x05:
log.Debug("invalid username, error:%s message:%s", resp.ExtraData.ErrorTitle, resp.ExtraData.ErrorMessage)
return nil, fmt.Errorf("invalid username")
case 0x06:
log.Debug("not implement, error:%s message:%s", resp.ExtraData.ErrorTitle, resp.ExtraData.ErrorMessage)
case 0x09:
log.Debug("invalid service, error:%s message:%s", resp.ExtraData.ErrorTitle, resp.ExtraData.ErrorMessage)
case 0x0a:
log.Debug("error:%s message:%s", resp.ExtraData.ErrorTitle, resp.ExtraData.ErrorMessage)
return nil, fmt.Errorf("service temporarily unavailable")
case 0x10:
log.Debug("session expired, error:%s message:%s", resp.ExtraData.ErrorTitle, resp.ExtraData.ErrorMessage)
case 0x28:
log.Debug("protection mode, error:%s message:%s", resp.ExtraData.ErrorTitle, resp.ExtraData.ErrorMessage)
case 0x9a:
log.Debug("error:%s message:%s", resp.ExtraData.ErrorTitle, resp.ExtraData.ErrorMessage)
return nil, fmt.Errorf("service temporarily unavailable")
case 0xa1:
log.Debug("error:%s message:%s", resp.ExtraData.ErrorTitle, resp.ExtraData.ErrorMessage)
return nil, fmt.Errorf("too many sms verify requests")
case 0xa2:
log.Debug("error:%s message:%s", resp.ExtraData.ErrorTitle, resp.ExtraData.ErrorMessage)
return nil, fmt.Errorf("frequent sms verify requests")
case 0xa4:
log.Debug("error:%s message:%s", resp.ExtraData.ErrorTitle, resp.ExtraData.ErrorMessage)
return nil, fmt.Errorf("bad requests")
case 0xd5:
log.Debug("phone number not valid, error:%s message:%s", resp.ExtraData.ErrorTitle, resp.ExtraData.ErrorMessage)
return nil, fmt.Errorf("phone number not valid")
case 0xdb:
log.Debug("phone number not registered, error:%s message:%s", resp.ExtraData.ErrorTitle, resp.ExtraData.ErrorMessage)
return nil, fmt.Errorf("phone number not registered")
case 0xeb:
log.Debug("version too low, error:%s message:%s", resp.ExtraData.ErrorTitle, resp.ExtraData.ErrorMessage)
return nil, fmt.Errorf("too many failures")
case 0xed:
log.Debug("invalid device, error:%s message:%s", resp.ExtraData.ErrorTitle, resp.ExtraData.ErrorMessage)
return nil, fmt.Errorf("too many failures")
default:
log.Debug("unknown code: 0x%02x", data.Code)
return nil, fmt.Errorf("unknown code: 0x%02x", data.Code)
}
return resp, nil
}
func (m *Manager) call(req *Request) (*Response, error) {
p, _ := json.Marshal(req)
log.Trace("uin:%d seq:%d cmd:%s meta:%s", req.Data.Uin, req.Seq, req.ServiceMethod, string(p))
p, err := oicq.Marshal(req.Data)
if err != nil {
return nil, err
}
args, reply := rpc.Args{Uin: req.Data.Uin, Seq: req.Seq, Payload: p}, rpc.Reply{}
if err = m.d.Call(req.ServiceMethod, &args, &reply); err != nil {
return nil, err
}
resp := &Response{ServiceMethod: reply.ServiceMethod, Seq: reply.Seq, Data: req.Data}
if err := oicq.Unmarshal(reply.Payload, resp.Data); err != nil {
return nil, err
}
if err := resp.SetExtraData(resp.Data.TLVs); err != nil {
return nil, err
}
p, _ = json.Marshal(resp)
log.Trace("uin:%d seq:%d cmd:%s meta:%s", resp.Data.Uin, resp.Seq, resp.ServiceMethod, string(p))
return resp, nil
}